Here's a simple example based on a scenario from the above blog. Some guy works as a low level programmer or tech support or sth. Nobody pays much attention to him. His job is as simple as writting Installers or changing backup tapes and ink cartridges. The company's network is secure with super firewalls, VLANs etc. That guy, while bored, enters a CSS vulnerable site let's say MySpace. The attacker has put there a script which is downloaded once the website loads. That's it! The employee didn't see anything strange happening. He continues surfing around while that malicious script is running in the background collecting information about his computer, the network topology, previous network destinations, cached information, passwords etc. That same script may contain exploit code targeting well protected, private network equipment. Boom! How about that?
All this has a point. 90% of the people I know feel threated by viruses on floppy disks or kidz trying to steal their credit card info. Such an illusion. Somebody may already have hijacked their PC to assemble a botnet and they'll still be running their Antivirus once a week scanning for boot sector viruses :P
Right now technology is a big vector. The majority of people are stuck at the tail and few are shapping things at the head. Unfortunately there's a huge gap in the middle.
This very moment vulnerabilities are being found, exploits are designed and by tomorrow these people will own the world. Can YOU keep up?
Sunday, August 06, 2006
Subscribe to: Post Comments (Atom)
Post a Comment